The Framework for Mobile Security in Government

There’s no doubt about it – the federal government has gone mobile. Driven by both policy and the compelling nature of mobile computing, smartphones and tablets have become daily tools at all levels of government. No longer just for email and phone calls, mobile devices in the hands of line and management employees also carry enterprise applications and collaboration tools.

Yet mobile security remains a work in progress. To gauge that progress and explore the opportunities for improvement, Federal News Radio convened a panel of mobile policy and security experts to explore the crucial topic of mobile security in government.

Participants were:

Vincent Sritapan, program manager in the cybersecurity division of the Science and Technology Directorate at the Homeland Security Department
Jon Johnson, enterprise mobility team manager at the General Services Administration
Joshua Franklin, information security engineer at the National Institute of Standards and Technology (NIST)
Johnny Overcast, director of government sales at Samsung Electronics America

Johnson pointed out how the three agencies are working in concert to develop mobile security standards and practices, noting the government’s intense interest and leadership in cybersecurity writ large.

At NIST, Franklin explained, several special publications, notably 800-124, address mobile security. Under continuous research and updating with industry input, projects there cover topics as diverse as mobile virtual private network (VPN) security, derived credentials, and safety in uses of 4G LTE wireless services.

Sritapan outlined several technologies that the directorate is investing in researching. These include improvements in network architectures, baseband firmware on devices, and continuous authentication. Some four dozen organizations have responded to the DHS request for information (RFI), offering 145 potential ideas – in the less than two months since the RFI went out. He said one promising strategy is to bake continuous diagnostics and mitigation – which agencies are using for their Ethernet-connected computers – into mobile device management software.

At Samsung, the Knox product is successfully hardening its Galaxy smartphones down through the operating system level to the processor, providing a hardware “root of trust”, according to Overcast. The devices provide strong VPN support, on-board encryption, and trusted memory zones to keep enterprise data and applications secure and apart from social media and other applications users typically have on their phones. It amounts to assurance for what Overcast calls GOPE – government-owned, personally enabled – devices.

This discussion will get you up to date on the latest strategies and technologies to boost mobile security in your agency.

